What is your patch management policy? If you do not know, then please read on. Every business should have an official patch management policy in place, regardless of the number of computers being operated. Whether it is two or two hundred, your corporate intellectual property is just as valuable to you and the risk of letting your data become damaged or pirated certainly justifies the existence of an enforced patch management policy that requires all computers connected to your network to be updated to the latest security patches available. This means requiring either a policy in your group policies that locks users from overriding an update or by requiring users not to interfere with the update process. Users that disobey the patch management policy should be disciplined based on the policies and procedures in practice at your business.
This strict patch management policy should also include forbidding outside computers from connecting directly to your local area network if they are not at the latest security patch level for their operating system. A computer that exists outside the control of your patch management policy could be outdated and infected and act as a gateway for an intrusion to your systems. Your patch management policy should be broad enough to include those outside systems.
You should also perform regular audits through a network scanner of some sort, the choice being yours, to verify the compliance of the various systems in use on your network. Reports can be run by many auditing programs so that you can be sure that the patch management policy is working as you expect and that the computers under your control have been properly updated. Even with the best of intentions and a solid patch management policy, failures and file corruption can, at times, prevent a machine from being patched as expected. Keeping diligent about the enforcement of your patch management policy will go a long way towards heightening your system security.